SOC Engineer required for global legal firm. You will be responsible for advancing the maturity of the SIEM platform alongside other strategic security solutions, working closely with internal teams to improve the organisation’s overall security posture.
This position focuses on onboarding new log sources, optimising data pipelines, developing advanced detection use cases, and strengthening overall security monitoring and response. It’s an excellent opportunity for a security professional who enjoys building scalable, high-performing SOC environments and driving continuous improvement.
The Role
This role also involves contributing to security service improvements and core operational processes, including incident, change, and problem management, as well as supporting the design, implementation, and review of security controls.
There may occasionally be a requirement to support out-of-hours changes or respond to critical security incidents.
Key Responsibilities
SIEM Engineering & Optimisation
* Enhance and optimise SIEM performance, coverage, and detection fidelity
* Assess and improve SIEM architecture, including ingestion pipelines, parsing, and correlation logic
* Implement automation and orchestration (SOAR) to streamline response activities
Log Source Onboarding & Integration
* Identify and onboard new log sources across cloud, network, endpoint, and application environments
* Develop custom parsers, connectors, and ingestion playbooks
* Collaborate with internal teams and vendors to ensure reliable, high-quality telemetry
Detection Engineering
* Design and implement detection use cases aligned to MITRE ATT&CK and threat intelligence
* Build and tune correlation rules, anomaly detections, dashboards, and alerting workflows
* Continuously refine detections to reduce false positives and improve effectiveness
SOC & Incident Response Support
* Partner with SOC analysts to validate and improve detection logic
* Support investigations through advanced SIEM queries and data analysis
* Act as a subject matter expert on complex security incidents
Documentation & Governance
* Maintain clear documentation of data models, integrations, and detection logic
* Ensure alignment with security standards, controls, and compliance requirements
Skills & Experience
Technical Expertise
* Hands‑on experience with SIEM platforms such as Splunk, Microsoft Sentinel, QRadar, Elastic, ArcSight, LogRhythm, or Exabeam
* Strong understanding of log formats (JSON, syslog, XML, CEF) and ingestion methods (APIs, Kafka, Event Hubs, agents)
* Experience in detection engineering, threat modelling, and attacker behaviour analysis
* Proven ability to build and tune correlation rules, dashboards, and alerts
* Familiarity with SOAR tools and automation workflows
Security Knowledge
* Solid understanding of networking, Windows/Linux systems, cloud platforms (Azure, AWS, GCP), identity systems, and endpoint security tools
* Knowledge of MITRE ATT&CK, cyber kill chain, and threat hunting techniques
Requirements
* Degree (Level 4+) in a computing-related subject or equivalent experience
* Background across IT infrastructure and information security roles
* Relevant certifications (eg GIAC, SC-200/SC-100, CISSP, SSCP, CSIS)
* Strong Scripting skills (Python, PowerShell, PowerApps)
* Excellent communication skills with the ability to engage stakeholders at all levels
* Proactive, self‑driven approach with strong analytical capability
Desirable Experience
* Data Loss Prevention (DLP)
* Secure remote access solutions
* Network security technologies
* Threat intelligence and open-source security tools
* Experience with SaaS, IaaS, PaaS, and DaaS environments
* Business continuity and disaster recovery planning
* Knowledge of data privacy regulations
#J-18808-Ljbffr